#!/bin/bash
FAILED_LOGINS=$(grep "Failed password" /var/log/auth.log | wc -l)
[ $FAILED_LOGINS -gt 10 ] && echo "异常登录尝试: $FAILED_LOGINS 次" | mail -s "安全告警" admin@example.com